A Disney Worker Downloaded an AI Tool. It Led To a Hack That Ruined His Life. (dailymail.co.uk)
- Reference: 0176551777
- News link: https://it.slashdot.org/story/25/02/26/1724216/a-disney-worker-downloaded-an-ai-tool-it-led-to-a-hack-that-ruined-his-life
- Source link: https://www.dailymail.co.uk/news/article-14438343/disney-worker-ai-tool-matthew-van-andel.html
[3] non-paywalled source
for five months, giving hackers access to his 1Password manager. The attackers used the stolen credentials to access Disney's corporate systems, publishing sensitive information including customer data, employee passport numbers, and revenue figures from Disney's theme parks and streaming services. The breach also devastated Van Andel personally. Hackers exposed his Social Security number, financial login details, and even credentials for his home's Ring cameras. Shortly after the incident, Disney fired Van Andel following a forensic analysis of his work computer, citing misconduct he denies. Security researchers believe the attacker, who identified as part of a Russia-based hacktivist group called Nullbulge, is likely an American individual.
[1] https://it.slashdot.org/story/24/07/16/1832237/hackers-claim-to-have-leaked-11-tb-of-disney-slack-messages
[2] https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931
[3] https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931
Re:WOKE Disney hires DEI people. Gets HACKED. :D (Score:4, Insightful)
My favorite thing about the word "woke" is that when someone is mad about it I can instantly dismiss them as an idiot without having to read all of their rambling stupidity.
Re: (Score:1)
Is being so stupid difficult? Or is it easy for you because you lack the self-awareness to realize it?
Re: (Score:2)
It does sound like the company is on their last legs
[1]https://thewaltdisneycompany.c... [thewaltdisneycompany.com]
[2]https://finance.yahoo.com/news... [yahoo.com]
I'd give them another 6 months before chapter 11.
[1] https://thewaltdisneycompany.com/the-walt-disney-company-reports-first-quarter-earnings-for-fiscal-2025/
[2] https://finance.yahoo.com/news/disney-swings-streaming-profit-321-114000467.html
Re: (Score:2)
Be an idiot, make deranged postings. Like you just did.
So what was the "AI image generation tool" ? (Score:5, Insightful)
Article is missing what would have perhaps been the most helpful information, namely what this AI thing from GitHub actually is so that the rest of us could check to see if we have ever used it and might be compromised.
Re:So what was the "AI image generation tool" ? (Score:5, Informative)
It was the ComfyUI_LLMVISION Comfyui plugin from user AppleBotzz [1]https://www.reddit.com/r/Stabl... [reddit.com]
Here's a decompiled & unpacked version of the malware for anyone interested: [2]https://github.com/atericparke... [github.com]
[1] https://www.reddit.com/r/StableDiffusion/comments/1dblsqn/psa_if_youve_used_the_comfyui_llmvision_node_from/
[2] https://github.com/atericparker/NullBulge_Archive
Re:So what was the "AI image generation tool" ? (Score:4)
How is that not suspicious to anyone even remotely rational based on name alone?
The non-paywalled link is... (Score:3)
... basically just the title. Anybody has a link with the full story?
Re:The non-paywalled link is... (Score:5, Informative)
Ah, found one: [1] Disney engineer downloaded 'helpful' AI tool that ended up completely destroying his life [dailymail.co.uk].
Not sure it's the full available details, but at least it has much more than that "non-paywalled" source from the summary.
[1] https://www.dailymail.co.uk/news/article-14438343/disney-worker-ai-tool-matthew-van-andel.html
Re: (Score:3, Funny)
Thank you.
When the DailyMail has more actual information about something, you know the world is sorely topsy-turvy.
Yeah.... (Score:3)
A whole lot more than just some lost passwords went wrong here.
Corporate security (Score:4, Interesting)
What were the security guidelines for Disney employees? Were they told not to install anything that wasn't explicitly cleared by Disney or were they allowed to use their workstation as a playground?
Re:Corporate security (Score:5, Insightful)
"told not to install "
Disney is large enough that their IT should have the tools to *prohibit* installation.
Re: (Score:3)
> "told not to install "
> Disney is large enough that their IT should have the tools to *prohibit* installation.
It probably has something to do with the amount of control given to this "imagineer" for him to do his job. He probably had elevated permissions in their environment. That's enough to get you blocked from all but the lowest jobs in his chosen profession going forward.
Re: (Score:2)
> It probably has something to do with the amount of control given to this "imagineer" for him to do his job. He probably had elevated permissions in their environment. That's enough to get you blocked from all but the lowest jobs in his chosen profession going forward.
You don't need elevated permissions for things like that. You can do a lot of things without admin on Windows these days. Things like installing software can be left to the IT team to work out if and when to install it for the user. I would pr
Re:Corporate security (Score:5, Funny)
That Mickey Mouse operation? Doubt it ;-)
Re: (Score:2)
And at a higher level, if those prohibitions were bypassed, maliciously or innocently, the data that was accessed was not secure. One employee's computer shouldn't have this much power over company data and infrastructure. The real failure is up the chain. This is a CTO-level failure.
Re:Corporate security (Score:5, Interesting)
The malware was installed on a home (not work) computer, which appears to have never been connected to a Disney network.
The problem was:
> The hacker gained access to 1Password, a password-manager that Van Andel used to store passwords and other sensitive information, as well as "session cookies," digital files stored on his computer that allowed him to access online resources including Disney's Slack channel.
How and why Disney credentials were in his personal 1Password is not explained.
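The quoted passage is the crux of the incident: a session cookie is a bearer token for an already-authenticated session, so replaying one from another machine never triggers the login flow or MFA. What a defender can still see is the session turning up from a client context it was not issued to. The following Python is an added example (not from the article, Disney, or any commenter) of that detection over a constructed access log; the log records, account names, IPs and the fingerprint scheme (IP plus user agent) are all assumptions for the illustration.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed web-app access log for this example (not data from the incident):
# (timestamp, session cookie id, source IP, user agent, account)
SAMPLE_LOG: List[Tuple[str, str, str, str, str]] = [
    ("2025-02-20T09:01:02Z", "sess-A1", "203.0.113.10", "Mozilla/5.0 (Macintosh)", "user1"),
    ("2025-02-20T09:14:30Z", "sess-A1", "203.0.113.10", "Mozilla/5.0 (Macintosh)", "user1"),
    # Same cookie, new IP and a scripted client: looks like a copied cookie being replayed.
    ("2025-02-20T11:47:55Z", "sess-A1", "198.51.100.77", "python-requests/2.31", "user1"),
    ("2025-02-20T12:00:00Z", "sess-B7", "192.0.2.5", "Mozilla/5.0 (Windows)", "user2"),
    ("2025-02-20T12:05:00Z", "sess-B7", "192.0.2.5", "Mozilla/5.0 (Windows)", "user2"),
]


def client_fingerprint(ip: str, user_agent: str) -> str:
    """Hash of the client context a session was issued to (IP + user agent here;
    a real deployment would add TLS or device-posture signals)."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()[:16]


def find_session_reuse(log: List[Tuple[str, str, str, str, str]]) -> List[Dict[str, str]]:
    """Flag any session cookie that reappears from a client fingerprint different
    from the one seen on its first request. The session is already authenticated,
    so MFA is never re-prompted; the changed context is the only signal."""
    first_seen: Dict[str, Tuple[str, str, str]] = {}
    alerts: List[Dict[str, str]] = []
    for ts, session_id, ip, ua, account in log:
        fp = client_fingerprint(ip, ua)
        if session_id not in first_seen:
            first_seen[session_id] = (fp, ip, ua)
            continue
        orig_fp, orig_ip, orig_ua = first_seen[session_id]
        if fp != orig_fp:
            alerts.append({
                "time": ts,
                "account": account,
                "session": session_id,
                "issued_to": f"{orig_ip} / {orig_ua}",
                "now_used_from": f"{ip} / {ua}",
                "action": "revoke session and force re-authentication",
            })
    return alerts


def sessions_to_revoke(log: List[Tuple[str, str, str, str, str]]) -> List[str]:
    """Distinct session ids that should be invalidated server-side."""
    return sorted({alert["session"] for alert in find_session_reuse(log)})


if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_LOG):
        print(alert)
```

The response side matters as much as the detection: once a workstation is known to be infostealer-compromised, every session issued to it should be revoked at the server, not just the passwords rotated, because the cookies keep working until they expire or are invalidated.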
Re: (Score:2)
i.e. no MFA or other type of access control
Re: (Score:2)
No MFA and also allowed full VPN access from an unmanaged (non-corporate) computer.
CIO/CISO should be fired too.
Re: (Score:2)
He very likely did not have MFA on his 1Password account.
He could very well have had MFA on every single other account he used, but if they had access to 1Password, and his MFA credentials were stored in 1Password (which is definitely a thing that it does, so it can auto-enter the TOTP code for you) then it was game over.
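The point in this comment and the ones that follow it is that a TOTP "second factor" is only a second factor while its seed lives somewhere the password does not. An RFC 6238 code is a pure function of the seed and the clock, so a vault entry that holds both the password and the seed hands over everything the server will ever ask for. The following Python is an added example (not from the article, 1Password, or any commenter) that implements the standard TOTP computation, a server-side verifier with the usual one-step clock tolerance, and a constructed vault entry; the account record, password and site name are assumptions, and the seed is the RFC 6238 reference test seed.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 reference seed: the ASCII string "12345678901234567890", base32-encoded.
RFC6238_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, as authenticator apps and password managers compute it."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = struct.pack(">Q", unix_time // step)          # time step as 8-byte big-endian
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                                # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# Constructed server-side account record for the example. SHA-256 stands in for a
# real password hash (use Argon2/bcrypt/scrypt in practice); the point here is the TOTP.
ACCOUNT = {
    "password_hash": hashlib.sha256(b"correct horse battery staple").hexdigest(),
    "totp_seed": RFC6238_SEED,
}


def verify_login(password: str, code: str, now: int, account: dict = ACCOUNT) -> bool:
    """Check both factors; accept codes from the adjacent 30 s windows for clock drift."""
    pw_ok = hmac.compare_digest(
        hashlib.sha256(password.encode()).hexdigest(), account["password_hash"]
    )
    code_ok = any(
        hmac.compare_digest(totp(account["totp_seed"], now + d * 30), code)
        for d in (-1, 0, 1)
    )
    return pw_ok and code_ok


# Constructed password-manager entry that stores the TOTP seed next to the password,
# which is what "auto-enter the TOTP code" requires.
VAULT_ENTRY = {
    "site": "example.invalid",
    "password": "correct horse battery staple",
    "totp_seed": RFC6238_SEED,
}


def vault_entry_satisfies_both_factors(entry: dict, now: int) -> bool:
    """Whoever holds this entry can produce a password and a valid current code, so the
    verifier cannot tell them from the account owner: one vault, both factors."""
    return verify_login(entry["password"], totp(entry["totp_seed"], now), now)


if __name__ == "__main__":
    print(totp(RFC6238_SEED, 59))                      # RFC 6238 vector: 287082
    print(vault_entry_satisfies_both_factors(VAULT_ENTRY, 59))
```

The mitigation follows directly: keep the factor that protects the vault itself (the 1Password account's own MFA, ideally a hardware key) out of the vault, and treat a TOTP seed stored in the same place as the password as a convenience, not as an independent factor.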
Re: (Score:1)
He very likely did not have MFA on his 1Password account.
The article (or at least an article I read) said exactly that - the malware had a key logger, he logged into his non MFA 1Password, and boom!
It even cautioned people explicitly to set up MFA on 1password, which does seem like a great idea for a master password store, although obviously more annoying in day to day use which is why most people do not do it!
Re: (Score:2)
They must have then had some more malware on his computer to gather other information - with 1Password, when you first set up your account, you're given what they call an Emergency Kit, which is a PDF that has a secret key on it. This key is not held anywhere with 1Password, you have the only copy of it.
You can not log in to a 1Password account with just the email and password, nor can you perform a password reset with just these credentials.
In order to log in to 1Password from a new device, you must have t
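This comment's reasoning rests on 1Password's two-secret design: the key that unlocks the vault is derived from the account password and the Secret Key together, so a keylogger that captures only the password has nothing usable, and a fresh device cannot enrol without the Secret Key. The Python below is an added example, modelled loosely on the two-secret key derivation 1Password documents but simplified and not their code; the password, Secret Key string, salt size, iteration count and HKDF labels are all assumptions for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # kept low for the example; production uses a much higher count


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256 (extract, then expand)."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_unlock_key(password: str, secret_key: str, salt: bytes) -> bytes:
    """Two-secret key derivation: stretch the password, stretch the device-held Secret Key,
    XOR the two. Either half on its own is useless without the other."""
    from_password = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, 32)
    from_secret = hkdf_sha256(secret_key.encode(), salt, b"2skd-example-secret-key", 32)
    return bytes(a ^ b for a, b in zip(from_password, from_secret))


def enrol(password: str, secret_key: str) -> dict:
    """Server-side record: a salt and a verifier derived from the unlock key.
    The server never stores the password, the Secret Key, or the key itself."""
    salt = secrets.token_bytes(16)
    key = derive_unlock_key(password, secret_key, salt)
    return {"salt": salt, "verifier": hkdf_sha256(key, salt, b"2skd-example-verifier")}


def unlock(record: dict, password: str, secret_key: str) -> bool:
    """Re-derive the key from both secrets and compare the verifier in constant time."""
    key = derive_unlock_key(password, secret_key, record["salt"])
    candidate = hkdf_sha256(key, record["salt"], b"2skd-example-verifier")
    return hmac.compare_digest(candidate, record["verifier"])


# Constructed credentials for the example; the Secret Key format is made up.
PASSWORD = "correct horse battery staple"
SECRET_KEY = "A3-EXAMPLE-2F9C1B7D4E6A0C35"


def keylogger_scenario() -> dict:
    """What a captured password buys with and without the device-held Secret Key."""
    record = enrol(PASSWORD, SECRET_KEY)
    return {
        "password_and_secret_key": unlock(record, PASSWORD, SECRET_KEY),
        "password_only": unlock(record, PASSWORD, ""),
        "password_and_guessed_key": unlock(record, PASSWORD, "A3-EXAMPLE-0000000000000000"),
    }


if __name__ == "__main__":
    print(keylogger_scenario())
```

The caveat the commenter is circling is the boundary of this protection: on a device that is already enrolled, the Secret Key sits in local storage so the app can unlock without retyping it. Malware with full access to that machine therefore has both inputs, which is why the defence against an infostealer on the endpoint is MFA on the vault account and keeping the endpoint clean, not the Secret Key alone.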
Re: (Score:2)
This is a large enterprise. Hence it is certain that there was an explicit prohibition on what he did as part of his employment contract. Which he signed.
Re: (Score:3)
This doesn't surprise me and it scares me to death at the same time. Our administrators are usually the type to want to play around with new toys. And obviously they get privs that are dangerous. We DO a good job at not letting users log in to their machines it their admin or domain admin accounts. And we vault their admin accounts and do daily rotates. But STILL, I know of a way to get to the keys to the kingdom without a single MFA. I have a feeling others do too. We also don't like being told we c
Re: Corporate security (Score:2)
Exactly, there should be a corporate password repo and a personal one. The corporate one should never be used on a personal computer.
Re: (Score:2)
Yeah, no kidding. Why would they not have application allow listing enabled? How are users able to just run arbitrary executables downloaded from the Internet? Crazy that no security layer flagged this activity at all.
Re: (Score:2)
Further, why isn't this being described as a failure higher up the chain?
Why should an employee have the power to cause this much destruction, even if the result of an error?
If your company can crumble because of a single lower-level employee, you have issues with your security landscape.
Re: (Score:2)
> Were they told not to install anything that wasn't explicitly cleared by Disney or were they allowed to use their workstation as a playground.
In the many, many companies for which I have worked not a single one has said I can download and install whatever I want on their computers. That is whether I had a dozen coworkers or thousands of workers. I can surmise a large corporation like Disney explicitly states these rules.
Perspective (Score:2)
Ruined his life, really? Sounds like a minor inconvenience and a great opportunity to sue your employer for wrongful dismissal. He may have won the jackpot.
Re:Perspective (Score:4, Interesting)
Hahaha, no. Prohibition to download and install software yourself is typically part of your employment contract. If anything, Disney could sue him for all the damage done and he would have to pay. Likely the only reason they are not doing that is because they would not recover a lot and it would be bad for their public image.
Seriously, how clueless do you have to be to make a statement like you just did?
Re: (Score:2)
> Prohibition to download and install software yourself is typically part of your employment contract.
On your own computer at home?
Re: (Score:2)
> Ruined his life, really? Sounds like a minor inconvenience and a great opportunity to sue your employer for wrongful dismissal. He may have won the jackpot.
That would be assuming he is innocent. If it really was a "forensic analysis of his work computer" that turned up the evidence of his wrongdoing, I don't think he has a jackpot waiting for him...
Re: (Score:2)
Having your SSN and financial details exposed is a 'minor inconvenience'? No.
Re:Corrected headline --- (Score:4, Insightful)
While your overall thinking is mostly correct... TFA says it was his home computer, not a work one.
But they were able to compromise his 1Password account on that computer, which had Disney credentials stored in it. And I don't know about you, but I'd suggest that many corporate password storage policies are not as clear-cut as their software/download policies. Was it his personal 1Password account that had work credentials in it? Does Disney have recommended password storage guidelines or requirements? Was he following any of those?
Re: Corrected headline --- (Score:2)
If it was his corp 1password account then Disney fucked up. 1Password can do Entra SSO and you can block logins for the app from unmanaged devices or unknown networks using conditional access policies.
Idiot does Idiot things (Score:3)
Loses his job and life in process of doing idiot things. News at 11
Dumb people: I blame AI for this. (Score:2)
That's what the article is going for, anyway. They want readers to feel like AI is fundamentally insecure, when that's not what happened here.
"He denies" (Score:2)
How stupid do you have to be? This guy downloaded unauthorized software from an external source, doubtless without permission to do so, and then messed it up.
He is lucky to just have gotten fired.
Re: (Score:2)
You may have already read it in a couple of the replies above, but this wasn't his work computer. It was a personal computer at home. So not really much "unauthorized" about that or "permission" required. They got in through his then compromised 1Password account where he had apparently stored Disney credentials. Of course, should he have been storing work account info in a (assumed) non-work password manager? Don't know what Disney's policy is there.
non-paywalled? False. (Score:2)
> that compromised Matthew Van Andel's computer [non-paywalled source]
The non-paywalled source displays only the first two lines of the article with no javascript, and a paywall with it.
Fuck your paywall-only article.
These attacks are what keeps me up at night... (Score:2)
Those attacks are what worries me, because no matter what security I have, be it a PW manager, FDE, encrypted drives, a decent AV condom, running macOS as a balance between app availability and privacy, and such, all it takes is one thing like this to completely compromise everything.
Maybe we need to see about better containerization somehow, perhaps move towards the QubesOS model? That, or block the channels that infostealer malware works on, perhaps prompting the user, just in case this is something legi
What the hell was his job at Disney? (Score:3)
The article says Matthew Van Andel lost over $200,000 in bonuses. What the hell exactly was his job at Disney? A few years ago I was working for a Fortune 500 company and you'd have to be at least 2 levels above my manager - and I was a drone, not in management - to have a salary around that kind of money, let alone get those kind of bonuses. The article makes it sound like he was just some kind of average joe programmer, but he was a very highly salaried employee to have bonuses of over $200,000. Were they paying him a million or more a year in his job? What the hell exactly was he doing? He seems to have no internet history besides this report. There's no Linkedin profile for him that I could find. Does this make sense? Is it all bs and lies to get money for some kind of GoFundMe scam?
Re: (Score:3)
When babies grow a bit older, it is time to do potty training. When they feel shit coming up, they have to learn to go to the potty and dump it all in there. Then they get happy when they get a nice sticker. The ass wiping, that is for later.
When kids go through puberty, they suddenly start to see the world in a different perspective. It causes a lot of mental shit. That's when mental hygiene starts to become important. They have to learn to use those newly acquired executive functions to sort stuff out.
Re: (Score:2)
He looks exactly like a toolbag I used to know who died from liver failure, but with a really stupid mustache to "hide his identity". Guess his new one didn't work out either.